So I have just set up an application load balancer, but I need a static IP to whitelist my database connection. I found Global Accelerator can do the job, so I have set it up and assigned it to the ALB. All showing fine in the console, but when I ping my domain (www.example.com), I don't see either of the 2 static IPs assigned... and when I whitelist both IPs my application still cannot connect. Am I doing something wrong?

Edit: My database is MongoDB hosted on the Atlas Cloud. In my staging environment I have secured the connection to a single server instance using that server's IP address. Now I'm moving to a production environment with a load balancer, I'm not quite sure how I would achieve the same result, since I have multiple EC2 instances which can be created/destroyed via autoscaling. My thinking is that I need to whitelist the load balancer IP address rather than individual instances.

Could you please clarify what you mean by "need a static IP to whitelist my database connection"? Where is your database located? Can you describe the relationship between the Load Balancer and the database? Please edit your question to describe more about your architecture. - John Rotenstein

Sure, I've updated above. Let me know if you need any more info. Thanks for the feedback. I believe I may need to set up a VPC environment instead, which I'm looking into. - Jat90

1 Answer

I am assuming that your architecture is:

  • Domain name pointing to an Application Load Balancer in AWS
  • Load Balancer points to an Auto Scaling group of Amazon EC2 instances
  • The EC2 instances point to your MongoDB database hosted on the Atlas Cloud
  • You want a static IP address so that the database can permit access from the Amazon EC2 instances

While incoming traffic to the EC2 instances goes through the Load Balancer, please note that the connection from an EC2 instance to the database is a separate outbound connection that is established to the database. This traffic does not go through the Load Balancer. The only traffic coming 'out' of a Load Balancer is the response to requests that came 'in'.

The typical way to implement this architecture is:

  • Load Balancer in public subnets
  • Auto-Scaled Amazon EC2 instances in private subnets
  • A NAT Gateway in the public subnet(s)

This way, the instances in the private subnets can access the Internet via the NAT Gateway, yet they are fully isolated from traffic coming in from the Internet. It has the additional benefit that the NAT Gateway has a static IP address. All traffic going through the NAT Gateway to the Internet will 'appear' to be coming from this IP address.

For fault tolerance, it is recommended to put a NAT Gateway in at least two Availability Zones. Each will have its own static IP address.

Oh, and you could consider moving your database to Amazon DocumentDB (with MongoDB Compatibility), which would reduce latency between the application servers and the database.
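As an added example (not part of the answer above, and not AWS's own tooling), a small Python check over the JSON shape returned by `aws ec2 describe-route-tables` and `aws ec2 describe-nat-gateways`: for each application subnet it works out whether outbound traffic leaves through a NAT Gateway (a static IP to put on the Atlas access list), straight through an Internet Gateway (each instance's own, non-static public IP), or nowhere at all. All subnet, gateway and IP values below are constructed.

```python
# Constructed sample data in the shape of `aws ec2 describe-route-tables` and
# `aws ec2 describe-nat-gateways` output. IDs and addresses are made up.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-pub-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1"}]},
    {"RouteTableId": "rtb-priv-a", "Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-a"}]},
    {"RouteTableId": "rtb-priv-b", "Associations": [{"SubnetId": "subnet-priv-b"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-b"}]},
]
NAT_GATEWAYS = [  # one NAT Gateway per Availability Zone, each with its own EIP
    {"NatGatewayId": "nat-a", "State": "available",
     "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]},
    {"NatGatewayId": "nat-b", "State": "available",
     "NatGatewayAddresses": [{"PublicIp": "203.0.113.11"}]},
]


def route_table_for(subnet_id, route_tables):
    """An explicit subnet association wins; otherwise the VPC main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def egress_source(subnet_id, route_tables, nat_gateways):
    """Classify where a subnet's default (0.0.0.0/0) route sends traffic.
    Returns ("nat", {static IPs}), ("igw", set()) for direct Internet Gateway
    egress (instances leave with their own, non-static IPs), or ("none", set())."""
    rt = route_table_for(subnet_id, route_tables)
    routes = rt.get("Routes", []) if rt else []
    default = next((r for r in routes if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)
    if default is None:
        return "none", set()
    if "NatGatewayId" in default:
        ips = {a["PublicIp"] for g in nat_gateways
               if g["NatGatewayId"] == default["NatGatewayId"] and g["State"] == "available"
               for a in g["NatGatewayAddresses"]}
        return "nat", ips
    return "igw", set()


def atlas_allowlist(subnet_ids, route_tables, nat_gateways):
    """Union of static egress IPs for the application subnets, as /32 entries."""
    ips = set()
    for subnet in subnet_ids:
        ips |= egress_source(subnet, route_tables, nat_gateways)[1]
    return sorted(f"{ip}/32" for ip in ips)
```

A subnet whose result is "igw" or "none" is a sign the Auto Scaling instances are not behind the NAT Gateway, which is exactly the case where allowlisting a fixed IP on Atlas cannot work.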